Merge pull request #798 from ae-utbm/fix-content-disposition

repair name of protected files
This commit is contained in:
thomas girod 2024-08-30 10:44:49 +02:00 committed by GitHub
commit a4d801bed4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -58,30 +58,28 @@ def send_file(
if not can_view(f, request.user) and not is_logged_in_counter(request): if not can_view(f, request.user) and not is_logged_in_counter(request):
raise PermissionDenied raise PermissionDenied
name = getattr(f, file_attr).name name = getattr(f, file_attr).name
filepath = settings.MEDIA_ROOT / name
# check if file exists on disk
if not filepath.exists():
raise Http404
response = HttpResponse(
headers={"Content-Disposition": f'inline; filename="{quote(name)}"'}
)
if not settings.DEBUG: if not settings.DEBUG:
# When receiving a response with the Accel-Redirect header, # When receiving a response with the Accel-Redirect header,
# the reverse proxy will automatically handle the file sending. # the reverse proxy will automatically handle the file sending.
# This is really hard to test (thus isn't tested) # This is really hard to test (thus isn't tested)
# so please do not mess with this. # so please do not mess with this.
response = HttpResponse(status=200) response["Content-Type"] = "" # automatically set by nginx
response["Content-Type"] = ""
response["X-Accel-Redirect"] = quote(urljoin(settings.MEDIA_URL, name)) response["X-Accel-Redirect"] = quote(urljoin(settings.MEDIA_URL, name))
return response return response
filepath = settings.MEDIA_ROOT / name
# check if file exists on disk
if not filepath.exists():
raise Http404
with open(filepath, "rb") as filename: with open(filepath, "rb") as filename:
wrapper = FileWrapper(filename) response.content = FileWrapper(filename)
response = HttpResponse(wrapper, content_type=f.mime_type) response["Content-Type"] = f.mime_type
response["Last-Modified"] = http_date(f.date.timestamp()) response["Last-Modified"] = http_date(f.date.timestamp())
response["Content-Length"] = filepath.stat().st_size response["Content-Length"] = filepath.stat().st_size
response["Content-Disposition"] = ('inline; filename="%s"' % f.name).encode(
"utf-8"
)
return response return response